Cumulative patch from commit 5079392954c80573234952772dc39dbb5d3179ca
5079392 Increase buffer size and prevent write beyond buffer end
ded22b5 hostapd: Fix segfault after ACS when flushing STAs
7e910b7 WPS NFC: Cancel scheduled scan before attempting a scan
24d110d Replace printf with wpa_printf debug message
b72e14e P2P: Do not allow P2P client connection without P2P IE from GO
5df7414 P2P: Allow persistent group determination based on Beacon frame
aaeb9c9 P2P: Allow GO to be discovered based on Beacon frame
b16696f P2P: Show p2p flag in debug info for scan results
bb50ae4 P2P: Show P2P flag in BSS entries also based on Beacon frames
ff57398 P2P: Do not drop P2P IEs from BSS table on non-P2P scans
adeb4f5 P2P: Make sure wait for the first client gets stopped
f22f274 P2P: Clone 'disable_scan_offload' parameter for p2p group
63ce59d P2P: Increase Invitation Request timeouts
acdd0fc P2P: Clear p2p_group_formation and p2p_in_provisioning on group removal
Change-Id: I464e59b59ac0c15af1b72ca0eda00e55c699c1c7
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/wpa_supplicant/bss.c b/wpa_supplicant/bss.c
index 7d9bac5..df1a0c8 100644
--- a/wpa_supplicant/bss.c
+++ b/wpa_supplicant/bss.c
@@ -502,6 +502,22 @@
wpa_bss_copy_res(bss, res, fetch_time);
/* Move the entry to the end of the list */
dl_list_del(&bss->list);
+#ifdef CONFIG_P2P
+ if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) &&
+ !wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE)) {
+ /*
+ * This can happen when non-P2P station interface runs a scan
+ * without P2P IE in the Probe Request frame. P2P GO would reply
+ * to that with a Probe Response that does not include P2P IE.
+ * Do not update the IEs in this BSS entry to avoid such loss of
+ * information that may be needed for P2P operations to
+ * determine group information.
+ */
+ wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Do not update scan IEs for "
+ MACSTR " since that would remove P2P IE information",
+ MAC2STR(bss->bssid));
+ } else
+#endif /* CONFIG_P2P */
if (bss->ie_len + bss->beacon_ie_len >=
res->ie_len + res->beacon_ie_len) {
os_memcpy(bss + 1, res + 1, res->ie_len + res->beacon_ie_len);
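Review bot: When the new `CONFIG_P2P` check matches, the whole IE buffer is left untouched, so every other element in the entry (RSN/WPA, rates, and so on) also stays at its previous value, although `wpa_bss_copy_res()` has already refreshed the other fields from the newer result. The entry can then describe a mix of old and new state for as long as the peer keeps answering without a P2P IE. If code that selects security parameters reads these cached IEs, that staleness matters, so the block comment should say so, for example `/* Note: all IEs, not only the P2P IE, keep their previous values in this case. */`. As a style point, the `} else` placed before `#endif` binds to the following `if`, whose remaining branches lie outside this hunk, and a short comment on that line would make the cross-preprocessor chaining explicit.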
@@ -1012,6 +1028,43 @@
/**
+ * wpa_bss_get_vendor_ie_beacon - Fetch a vendor information from a BSS entry
+ * @bss: BSS table entry
+ * @vendor_type: Vendor type (four octets starting the IE payload)
+ * Returns: Pointer to the information element (id field) or %NULL if not found
+ *
+ * This function returns the first matching information element in the BSS
+ * entry.
+ *
+ * This function is like wpa_bss_get_vendor_ie(), but uses IE buffer only
+ * from Beacon frames instead of either Beacon or Probe Response frames.
+ */
+const u8 * wpa_bss_get_vendor_ie_beacon(const struct wpa_bss *bss,
+ u32 vendor_type)
+{
+ const u8 *end, *pos;
+
+ if (bss->beacon_ie_len == 0)
+ return NULL;
+
+ pos = (const u8 *) (bss + 1);
+ pos += bss->ie_len;
+ end = pos + bss->beacon_ie_len;
+
+ while (pos + 1 < end) {
+ if (pos + 2 + pos[1] > end)
+ break;
+ if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
+ vendor_type == WPA_GET_BE32(&pos[2]))
+ return pos;
+ pos += 2 + pos[1];
+ }
+
+ return NULL;
+}
+
+
+/**
* wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry
* @bss: BSS table entry
* @vendor_type: Vendor type (four octets starting the IE payload)